HackerTrans
TopNewTrendsCommentsPastAskShowJobs

vin10

no profile record

Submissions

How are cyber criminals rolling in 2025?

vin01.github.io
266 points·by vin10·السنة الماضية·92 comments

CVE-2024-38396: Abusing escape sequences in iTerm2 for code execution

vin01.github.io
5 points·by vin10·قبل سنتين·0 comments

Abusing url handling in iTerm2 and Hyper for code execution

vin01.github.io
141 points·by vin10·قبل سنتين·56 comments

You cannot simply publicly access private secure links, can you?

vin01.github.io
420 points·by vin10·قبل سنتين·218 comments

SSH ProxyCommand == unexpected code execution (CVE-2023-51385)

vin01.github.io
30 points·by vin10·قبل 3 سنوات·14 comments

comments

vin10
·قبل شهرين·discuss
There should be a metric for sites hosting malicious content!

https[:]//erasmus-plus.ec.europa.eu/sites/default/files/2026-05/mortal-kombat-2-cs.pdf
vin10
·قبل 7 أشهر·discuss
it's a (then-)safe default from the age when having 1GB of RAM and 2GB of swap was the norm: https://linux-kernel.vger.kernel.narkive.com/U64kKQbW/should...
vin10
·قبل 7 أشهر·discuss
> he way stuff fails when it runs out of memory is really confusing

have you checked what your `vm.overcommit_ratio` is? If its < 100%, then you will get OOM kills even if plenty of RAM is free since the default is 50 i.e. 50% of RAM can be COMMITTED and no more.

curious what kind of failures you are alluding to.
vin10
·قبل 7 أشهر·discuss
For anyone feeling brave enough to disable overcommit after reading this, be mindful that default `vm.overcommit_ratio` is 50% which means that if no swap is available, on a system with 2GB of total RAM, more than 1GB of RAM can't be allocated and requests will fail with preemptive OOMs. (e.g. postgresql servers typically disable overcommit)

- https://github.com/torvalds/linux/blob/master/mm/util.c#L753
vin10
·السنة الماضية·discuss
Nice usability features definitely. Apart from that how would you say it compares against something like sysdig falco / cilium + tetragon?

Apart from this a major issue is DNS based dynamic filtering which is way batter to get right in a Kubernetes environment with something like Cilium. IP lists are impossible to manage with modern level of third party integrations.
vin10
·السنة الماضية·discuss
Interesting project, I think I just found a way to crash the sandbox, just reported via an advisory.
vin10
·السنة الماضية·discuss
I would have expected at least Virustotal to flag them if that were the case. It does more than just looking up in a database of known malicious URLs and I think the reputation of the domains is the key factor here.

https://www.virustotal.com/gui/url/6dd23e90ee436e1ff066725aa...

> BitDefender - government

> Sophos - government

> Forcepoint ThreatSeeker - government

- https://docs.virustotal.com/docs/how-it-works
vin10
·السنة الماضية·discuss
It is the same for nested links as well. They mostly have a chain of links, each one taking you to a new one with hop count ranging anywhere from 5 up to 10 or more.
vin10
·قبل سنتين·discuss
> If you wouldn't trust running it on your host, you probably shouldn't run it in a container as well.

- From a Docker/Moby Maintainer
vin10
·قبل سنتين·discuss
It is guarded by a warning and requires explicit approval similar to browsers but yes, it does broaden the attack surface: https://gitlab.com/gnachman/iterm2/-/commit/fc9ae5c90f53cb1e...
vin10
·قبل سنتين·discuss
It is the first one, they need to be printed and clicked.
vin10
·قبل سنتين·discuss
This is a very well formulated suggestion. Nicely written!
vin10
·قبل سنتين·discuss
You are right about short expiry times but another catch here is that if pre-signed URLs are being leaked in an automated fashion, these services also keep the downloaded content from these URLs around. I found various such examples where links no longer work, but PDFs downloaded from pre-signed URLs were still stored by scanning services.

From https://urlscan.io/blog/2022/07/11/urlscan-pro-product-updat...

> In the process of scanning websites, urlscan.io will sometimes encounter file downloads triggered by the website. If we are able to successfully download the file, we will store it, hash it and make it available for downloading by our customers.
vin10
·قبل 3 سنوات·discuss
OP here. Another interesting attack vector I have been working on is OSC 8 for hyperlink support in terminals. Mostly they allow arbitrary url schemes including "ssh://" without any prompt or user interaction to consent to open an external tool like ssh client in this case.

A good discussion on this: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3c...